Azure Pack: Add a new user to a plan automatically

Update: It looks like SMA is not executing the script when a new Tenant is created, but rather when a subscription is added to the user.
Trying to get it confirmed from Microsoft if that is a bug that’s been introduced in one of the latest updates. See comments for more details.

Problem: When a new employee for TrueSec (our company) is logging into Azure Pack he has to be added to the “Tenants – TrueSec Employees” plan manually.

Solution: One way is to add a “signup code” to the plan and tell new employees to manually join the plan with that specific code. It could work, but does not feel like the most optimal solution.

The desired way would be if all new employees could be added to that plan automatically. Is that possible?
– Of course it is, with the help of SMA! Let me show one way to do this.

Prerequisites: Connection Asset, SMA Runbook, Link Runbook to a task.

In my case, I’m using the MgmtSvcAdmin asset, which looks like this. You can also create other types of Connections with working credentials. Just note that you have to enter the name of the Admin Site server in the Asset, as the script will use that info. The user account specified obviously needs access to the Admin site (to modify the subscriptions).

Add a new Runbook with the script below. In my case, I’m using ADFS to connect to the Admin site, so the script has to generate an ADFS token first.
If you are not using ADFS, you will have to modify the script to use normal Windows authentication. It’s the most common way to authenticate, so there shouldn’t be any problem finding example code for it.

Please note, though, that the script currently matches the new user’s e-mail address against (in our case) @truesec.com or @truesec.se. If you don’t use ADFS, it’s possible for a user to type any name they want during registration and then possibly get added to a plan they should not have access to.
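As an added example (not the runbook from this post), here is one way to make that domain match strict: parse the address and compare the whole host part against an allow-list, next to an unanchored pattern shown only for contrast. The function name and sample addresses are constructed, and the check is only meaningful when the address comes from a trusted identity provider such as ADFS.

```powershell
# Added example: strict allow-list check for a tenant's e-mail domain.
# The domain list mirrors the two domains named in the post; the function
# name and the sample addresses are constructed for illustration.
$AllowedDomains = @('truesec.com', 'truesec.se')

function Test-AllowedTenantDomain {
    param(
        [Parameter(Mandatory)][string]   $Email,
        [Parameter(Mandatory)][string[]] $Domains
    )
    $candidate = $Email.Trim()
    try {
        # Parse instead of pattern-matching, so the host part is unambiguous.
        $parsed = New-Object System.Net.Mail.MailAddress($candidate) -ErrorAction Stop
    }
    catch {
        return $false          # not a well-formed address
    }
    # Reject "Display Name <user@host>" forms: the input must be the bare address.
    if ($parsed.Address -ne $candidate) { return $false }
    # Exact, case-insensitive comparison of the whole host part.
    return ($Domains -contains $parsed.Host)
}

# Constructed sample input
$samples = @(
    'anna@truesec.com',
    'Anna@TRUESEC.SE',
    'anna@truesec.com.example.net',
    'anna@nottruesec.com',
    'truesec.com@example.net',
    'anna'
)

foreach ($s in $samples) {
    [pscustomobject]@{
        Address = $s
        # Unanchored pattern, for contrast: accepts every sample except 'anna'.
        Loose   = $s -match 'truesec\.(com|se)'
        # Strict check: accepts only the first two samples.
        Strict  = Test-AllowedTenantDomain -Email $s -Domains $AllowedDomains
    }
}
```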

And finally, add a new Automation Task, you do that under Clouds -> Automation.
Object: SPF Tenant
Action: Create
Runbook: New-Tenant

The script:

I hope this helps you automate things in your environment. If you can think of any other great uses for SMA, or need to automate something, please leave a comment; maybe I’ll be able to assist.

Azure Pack: SMA Script to set a Static MAC Address for New Virtual NICs

When a user uses AzurePack to add additional Virtual Network Adapters to a Virtual Machine, they end up with a Dynamic MAC Address. This is regardless of the settings in the VM Template that was used to create the VM. The NIC(s) created at deployment of the VM will honor the setting in the Template. It’s only when additional NICs are added that this happens.


We have had some issues with VMs using Dynamic MAC Addresses, where they got a new MAC Address after migrating to another host, resulting in Linux machines being unhappy and some other servers getting new DHCP Addresses.

I figured that this could be an excellent task to get more familiar with SMA and use that cool feature of Azure Pack. So I made a script which will execute when a new Network Adapter is added to a VM through AzurePack, and will set the MAC Address to a Static entry and let SCVMM pick one from the pool.

You will need to create a new Runbook called New-NetworkAdapter with tag SPF, and paste the above code into that runbook.

Also add an SMA Connection Asset with credentials for connecting to SCVMM.
Name the connection VmmConnection. The script will look for a connection object called VmmConnection and use its username and password to connect to the SCVMM server specified in the same connection object.

And finally, create an Automated Task of this information.

Please let me know if you find this useful, if you have any issues or suggestions on how to improve my script.

Azure Pack: Failed to load virtual machine templates for subscription …

Problem: When a user logs in to Azure Pack, they sometimes get the error message: “Failed to load virtual machine templates for subscription <subscription ID>”.
And if the user tries to deploy a Virtual Machine, there are no templates to choose from.

Cause: I’m not sure what the real cause is, but it seems to be a bug where Azure Pack forgets that information. The template information is there, it’s just Azure Pack that does not read it.

Workaround: Until this is solved by Microsoft in a hotfix or the next update, you will have to handle this yourself.
As an Administrator, you can touch the Plans so they are re-synced, and it will immediately start working again. Or you can schedule a PowerShell script to run regularly, touching the plans.

Here is the PowerShell command I’ve set up for our environment.

First of all, notice that it’s using a file for the password, to make this automatic.
Use this command once to create the password.txt file:
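As an added example (not the author's original command), this is one common way to create and later read such a password file with built-in cmdlets. The path and account name are placeholders; the point to notice is that the file is bound to the account and computer that created it.

```powershell
# Added example: store a service-account password for an unattended script.
# The path and account name are placeholders, not values from the post.
$PasswordFile = 'C:\Scripts\password.txt'      # assumed location
$UserName     = 'DOMAIN\svc-azurepack'         # placeholder account

function Save-ScriptPassword {
    param([Parameter(Mandatory)][string] $Path)
    # Without -Key, ConvertFrom-SecureString protects the value with DPAPI:
    # only the same user on the same computer can decrypt it again.
    Read-Host -Prompt 'Password' -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -Path $Path -Encoding ASCII
    # Drop inherited ACEs and allow only the current account to use the file.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $Path /inheritance:r /grant:r "${me}:(R,W)" | Out-Null
}

function Get-ScriptCredential {
    param(
        [Parameter(Mandatory)][string] $Path,
        [Parameter(Mandatory)][string] $User
    )
    # Decryption fails when run as another account or on another machine,
    # so a copied file is of no use elsewhere.
    $secure = Get-Content -Path $Path | ConvertTo-SecureString
    New-Object System.Management.Automation.PSCredential($User, $secure)
}

# Run once, interactively, as the account that the scheduled task uses:
#   Save-ScriptPassword -Path $PasswordFile
# Then, inside the scheduled script:
#   $cred = Get-ScriptCredential -Path $PasswordFile -User $UserName
```

The scheduled task has to run as the same account, on the same server, that ran `Save-ScriptPassword`; otherwise the file cannot be decrypted.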

The script also uses the Get-AdfsToken function to get an ADFS token from our ADFS server (more info: Get-AdfsToken Function), but you can modify it to use a normal Windows token instead if you would rather use the Windows Authentication site than ADFS. Then use this command (replace line 17 in the script above with this line):

 

Get-MgmtSvcToken to get an ADFS Token is broken

Last week, I spent hours trying to get Get-MgmtSvcToken to get an Admin Token from our ADFS server without succeeding.

Get-MgmtSvcToken

Creates an identity token.
Syntax

I tried every possible combination with both “-type WindowsADFS” and “-type ADFS” in combination with various URLs that should have worked, but didn’t.

With the help of @vNiklas and @_marcvaneijk on Twitter, I was pointed to TechNet, where there is a documented bug/error/problem with the Get-MgmtSvcToken command.
By writing this blog post, I hope someone will find it through a search and save themselves some time, as that TechNet article never showed up when I was searching.

TechNet Article: Why can’t I get a token with the Get-MgmtSvcToken cmdlet?

And the solution is to use your own function instead, like this:

 

Moving your WordPress site running in Microsoft Azure to Azure Pack

Drum Roll please ….

I’ve now moved my blog from Microsoft Azure to our own Private Cloud running on Windows Azure Pack! Hurray!

It was a really smooth transition, involving a couple of very easy steps to maintain all blogposts, media and comments.

  1. Provision a new WordPress Blog in Azure Pack.
  2. Login to WordPress to finish the installation.
  3. Upgrade WordPress (to the same version as your old WordPress site).
  4. Add the same Themes as on your old site.
  5. Install the WP Clone plugin (free) on both the old and the new WordPress site.
  6. On the old blog, use the WP Clone plugin to make a Backup. When it’s done, you will get a URL; save that.
  7. On the new blog, use the WP Clone plugin to import the Backup from the URL you got in the previous step.
  8. In the new site, update your site’s URLs. In my case, I changed isolation.labcenteronline.com to www.isolation.se.
  9. Update your DNS records to point to your private cloud URL (in my case, isolation.labcenteronline.com).
  10. Done!

 

Script for importing existing VMs into Azure Pack

As you start working with Azure Pack, you will probably realize that you have a lot of existing VMs that you would like to import into Azure Pack, so that you can handle them just like all the new ones.

All that’s needed for that is to set the correct AzurePack user as the owner and SelfServiceUser on that Virtual Machine. And of course, have the machine in the correct “Cloud”.

Here is a small script which will help you out by:

  1. Asking, in a Grid View, which Cloud you would like to import a machine into.
  2. Asking which user should be the new owner of this VM.
  3. Letting you pick which VM from the Cloud you would like to import.

As we have multiple clouds, and users can have multiple subscriptions, I chose to make the script use GridView, to minimize the risk for human errors (typos).

 

Azure Pack: change Web Sites Default Domain DNS Suffix

To change the Default URL (DNS Suffix) for your Web Sites in Windows Azure Pack, follow these simple steps:

On the computer that is hosting the Web Sites Controller, run the following Windows PowerShell command:

Update (2014-07-14): It looks like the command above does not support -DnsSuffix anymore, but one of my readers has posted an alternative solution in the comments:

As an alternative you can use the following approach:

Check the change by using

After that, you’ll also have to do this:
On your SQL Server, open Management Studio.
In the Hosting Database admin.WebSystems table, change PublishingDns, FtpDns, and Subdomain to your desired URLs.

Restart your AzurePack servers to make the changes apply everywhere.

Azure Pack: Web Sites MBCA 2.0 Model preventing Feature Pack for Windows Azure Pack Web Sites v2 (KB2927682) from installing.

Windows Update is failing to install “Feature Pack for Windows Azure Pack Web Sites v2 (KB2927682)” on one of my Azure Pack servers, and just gives the error message: 0x80070643

The event log shows a slightly better error message; “Product: Web Sites Local Feed — A newer version of Web Sites Local Feed was found on this machine.”

After further investigation, the MSI log file reveals some great information and clues:

It lists a program with GUID {BE2AD1F0-C5FF-4F62-95BD-44C829150573} that prevents the installation from completing.
And that GUID turned out, after a quick Registry search, to be “Web Sites MBCA 2.0 Model”.

And after uninstalling “Web Sites MBCA 2.0 Model” from Add/Remove Programs, my Windows Update installation went through at once!

Success!

Azure Pack : Tenant Site automatic installation

If you want to install the Azure Pack: Tenant Site in a distributed installation (meaning not an Express installation on just one server), it’s possible to do it manually or, of course, in a scripted way, so it’s automatic and unattended, with the same result each time and the smallest amount of time wasted on installations. Here is a small PowerShell script that will take care of all the dependencies and install all the packages for the Public Tenant Site.